Everything you should know about web cookies!

Are cookies good or bad?

Cookies are a popular snack and a questionable phenomenon on the internet at the same time. If you’re looking for the former, you’ve come to the wrong place 😉 If you want to learn more about the significance of cookies on the internet, you’ve definitely come to the right place! In this article, we’ll show you what cookies are, how cookies work, what you as a website operator have to consider when using cookies, whether cookies are dangerous, and so on!

What are web cookies?


1 portion cookie name
1 portion cookie value
1 pinch Internet Domain
1/2 portion of website

mix it all with a good portion of cookie expiry date, HTTPS connection and GDPR and ePrivacy policy

… et voilà: ready is a freshly baked cookie 👩‍🍳

A technical cookie on the internet consists of the above-mentioned components. Since this is still very abstract, we have explained each term (with an example) in more detail. In your browser, you can check in the developer console which cookies have been set. In Google Chrome, for example, this looks like this.

Cookie in a browser: Technical view
  • Cookie name: The name of the cookie is selected by the service provider and describes what information is to be stored in the cookie. For example, Google Analytics cookies are called _ga or _gid.
  • Cookie value: Contains the information to be stored on the user’s terminal device. For example, the language in which the website should be displayed or a “randomly generated” number to identify the visitor’s computer can be stored here.
  • Domain with path: Describes which domain has set the cookie and is allowed to read it. For example, cookies set by devowl.io can only be read by the script of the devowl.io website. Other providers such as Facebook could not simply read the cookie.
  • Expiry date: The lifetime of the cookie is set. When should the cookie be deleted automatically: When the browser is closed (session cookie) or on a specific date?
  • HttpOnly: Cookies could in principle be “sent” by the server that delivers the website, or they could first be written to the client (browser) of the website visitor. A cookie marked with HttpOnly may only be read and written by the server – but not by the client.
  • Secure (HTTPS connection): Cookies marked as Secure may only be transmitted via HTTPS/TLS encrypted connections.

How do cookies on the internet work?

Legally, the term “cookies” describes so-called “HTTPS cookies”. In addition, there are also cookie-like data. Basically, cookies are divided into first-party and third-party cookies.

The function of cookies is easily explained: Cookies are small data packages that store individual data on the user’s computer when a website is called up, for example. The exact storage location of cookies depends on the browser. When the website is called up again, the information stored in the cookies is automatically used by the website.

Individual user data stored in cookies include:

  • Personal page settings
  • Language
  • IP address
  • Email address or telephone number (if provided by you as a visitor to the website)

What are cookies good for?

Are cookies dangerous? No, cookies are not the invention of malicious internet villains who try to spy on your data or plant malicious code on your computer. However, not all cookies are harmless. Theoretically, however, cookies contribute significantly to improving the user experience on a website. The great advantage of cookies is therefore comfortable surfing on the World Wide Web.

Example: User data already saved in the shopping basket of an online shop does not have to be entered again when the website or the shopping basket is called up again.

What happens if I do not accept cookies?

Should you agree to cookies? If you don’t like internet biscuits, you can usually deactivate them in your browser settings or reject them the first time you visit the website when a cookie banner pops up. However, it may happen that the visited website cannot be used to its full extent if you as a user reject or block cookies. As a rule, such technically necessary cookies – also called “essential cookies” – are always active. In addition to this cookie category, there are other cookie groups.

Technically necessary cookies are elementary cookies without which the basic functionality of the website is not given. The cookie for the login area is a good example of this. Because without this cookie, it is not possible for the website visitor to access the members’ area.

What happens when all cookies are deleted?

Deleting cookies sometimes removes saved website settings. As a website operator, non-essential cookies such as marketing cookies are also worth their weight in gold. By means of non-essential cookies, the user behaviour of the visitor can be analysed, among other things. Website users who do not want such use should delete their cookies regularly, for example weekly.

How long is a cookie stored and are cookies automatically deleted?

Cookie variants, such as so-called session cookies, are automatically deleted after the browser is closed. Other cookie types remain until their lifetime defined by the website developer has expired, or they are deleted manually.

What are cookies on the mobile phone?

Whether you surf the internet using your computer or smartphone makes no difference: the cookies on your mobile phone are the same as those on your computer. Cookies are set and data can be passed on. The cookies set depend on the website.

On your smartphone, information can also be stored in apps that function like cookies. It is best to check the privacy settings and privacy policy of each app to learn more about what data the apps store in cookie-like information.

Are cookies mandatory?

According to the law, the setting of cookies is not in itself an obligation. But: If you want to set non-essential cookies on your website, this may only be done after the active and informed consent of your visitor since the ruling in case C-673/17 of the ECJ/CURIA. There is a so-called opt-in obligation. The easiest way to implement this is with a universally loved cookie banner. You can read more about what a cookie banner is in our separate article.

A simple cookie notice is therefore not legally compliant. Instead, a cookie banner must be placed on your website that meets the requirements of the GDPR and the ePrivacy Directive. To help you with this, you can find valuable tips and tricks for the legally compliant design of your cookie consent banner in our articles Cookie banner text – this must be included!, Avoid the 15 most common mistakes in your cookie banner! and Cookie Banner Design – 10 tips for creative Data Protection!

What cookies does my website set?

One thing is obvious: only if you find all the services and cookies used on your website, classify them correctly and, if necessary, only play them after the website visitor has given his or her consent, will you be acting in compliance with the law. But easier said than done: tracking down cookies and services alone is an art in itself, and also requires a very long thread of patience – especially as a cookie newbie.

One cannot generalize about what cookies are set by websites. Each website is individually structured, uses different (external) services and passes on data to different third-party providers. Accordingly, it must be individually assessed on each website which cookies are set or read, when and for what purpose.

Do cookies cost money?

The biscuits in the supermarket yes, the biscuits on the internet generally not. Theoretically, cookies can’t cause any costs – but the wrong integration as a website operator on a website can (and that’s huge). The setting of non-technical cookies such as functional cookies or statistics cookies may not take place without the consent of the website user (you already know this now 👍). Incorrectly obtaining such consent by a missing or illegal cookie banner can result in warnings and, in the worst case, high fines. This must be avoided!

If you decide to use a free cookie banner that was created using a cookie notice generator, for example, you should also be careful here. Most free cookie banner generators do not cover many features. Instead, you should rather use a professional cookie banner such as Real Cookie Banner!

Create your legally compliant cookie notice with Real Cookie Banner

With the Cookie Consent Plugin from Real Cookie Banner, you can create your cookie banner in compliance with the GDPR and ePrivacy Directive in no time to easily manage your visitors’ cookie consent. With around 20 design templates and many templates for popular services (such as Google Analytics, Facebook Pixel or YouTube), you can make accepting cookies delicious for your visitors – so that the annoying banner is only half as annoying now 😉